Missing validation of JWT signature in `ManyDesigns/Portofino`
Critical severity
GitHub Reviewed
Published
Apr 16, 2021
in
ManyDesigns/Portofino
•
Updated Sep 25, 2023
Description
Published by the National Vulnerability Database
Apr 16, 2021
Reviewed
Apr 16, 2021
Published to the GitHub Advisory Database
Apr 19, 2021
Last updated
Sep 25, 2023
Impact
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens.
This allows forging a valid JWT.
Patches
The issue will be patched in the upcoming 5.2.1 release.
For more information
If you have any questions or comments about this advisory:
References